Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A one way hash of an IPv4 address is no more private than the address itself. If you know the has algorithm, you can build a rainbow table of all the hashes in under a second. Even with a random salt it doesn't take long to build a rainbow table with all possible salts.


Doesn't that depend on the size of the salt?


To an extent, but there are easy ways to cut the search space. For example, you could make a unique request with garbage on it from a known IP every day, and then all you have to do is build a rainbow table for that one IP to find out what the salt is for each day, and then you can fully reconstruct the logs.


If the salt is a random 64bit number (for example) then "finding out" the salt is not trivial.


And unless I'm missing something, it seems easy to add plenty of bits to the salt until it's no longer practical to reverse.


@mattlondon: The salt is known to plausible, that is the only way someone can hash it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: